[Secure-testing-team] Bug#872854: dnsdist: CVE-2016-7069 CVE-2017-7557
Salvatore Bonaccorso
carnil at debian.org
Mon Aug 21 20:15:45 UTC 2017
Source: dnsdist
Version: 1.1.0-2
Severity: important
Tags: security patch upstream
Hi,
the following vulnerabilities were published for dnsdist, not filling
two bugs individually since 1.1.0 is commont for all affected suites.
CVE-2016-7069[0]:
Crafted backend responses can cause a denial of service
CVE-2017-7557[1]:
Alteration of ACLs via API authentication bypass
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-7069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7069
[1] https://security-tracker.debian.org/tracker/CVE-2017-7557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7557
Regards,
Salvatore
More information about the Secure-testing-team
mailing list